CVE-2008-6070 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

3.4%

top 12.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedFeb 10

Latest updateMay 17

Description

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.2.3-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.2.3-1+3

▶NVDgraphicsmagick/graphicsmagick1.2.2+23

🔴Vulnerability Details

GHSA

GHSA-vwj5-vw48-r26j: Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm↗2022-05-17

▶

OSV

CVE-2008-6070: Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm↗2009-02-10

▶

📋Vendor Advisories

Debian

CVE-2008-6070: graphicsmagick - Multiple heap-based buffer underflows in the ReadPALMImage function in coders/pa...↗2008

▶

Red Hat

, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick↗2007-03-01

▶

💬Community

Bugzilla

CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick↗2009-08-07

▶